AFDCP Report Finds Lack of Compliance
PRIVACY LAW—FRANCEFebruary 25, 2011
The French Association of Data Protection Officers (AFCDP) has determined that 82 percent of organizations do not abide by the French Data Protection Act. The AFCDP's annual report for 2011, published last month, found that just 18 percent of responding organizations addressed information access requests in a "legally satisfactory manner," Monique Altheim writes, adding, "This very useful survey by the AFCDP illustrates how the passing of data protection acts alone is totally useless unless these laws actually get enforced," questioning that "if legislation does not even guarantee significant compliance, what kind of compliance will 'self-regulation' achieve?" The AFCDP's Bruno Rasle told the Daily Dashboard that most individuals are not familiar with the right of access, "So it is not, until now, very often used," and "organizations are not 'trained' to handle it when it occurs." Rasle explained that the French press only began writing on this right last year, "but things change. Our results show the presence of a CIL (French version of DPO) provides better quality response. For AFCDP, it is a strong sign: Someone is needed to handle the subject/do the job, and the DPO is the right man. And since we've started this index, we see a lot of improvements--thanks also to the CNIL's onsite audits and penalties. We are confident we are going to see major improvements in the near future."